Waiting for More EHR Privacy StandardsProposed HITECH Incentive Rules Lack Details for Now
To qualify for stage 1 of the HITECH EHR incentive program, which kicked off this month, hospitals and clinics must conduct a risk analysis and take steps to mitigate identified risks. But so far, the Health IT Policy Committee has yet to propose further privacy and security protections for stages 2 and 3.
In a notice listing all its recommendations for stage 2 and 3, the committee only states that additional protections are under consideration by the committee's Privacy and Security Tiger Team.
One new recommendation for Stage 2 and 3, however, calls for physicians to use online secure patient messaging as a way to engage patients and families in their care.
The committee soon will begin accepting comments on its recommendations, which are due Feb. 25. Then it will hold a series of public meetings in the spring to fine-tune its proposals, which ultimately will be reviewed by the Department of Health and Human Services. Requirements for Stage 2 are due by the end of this year.
Health Information ExchangeLast year, the tiger team endorsed detailed recommendations for how and when to obtain patient consent for the exchange of their electronic health records.
It also recommended that all organizations involved in any type of health information exchange should be required to have digital certificates to authenticate their identities. The Health IT Policy Committee accepted these recommendations, but HHS has not taken any action on them.
The tiger team now is working on identifying how best to match patients to the right electronic health records when information is exchanged among organizations.
Meanwhile, a new workgroup of the HIT Policy Committee is reviewing a presidential council's EHR interoperability proposal that calls for requiring the use of a new universal exchange language based on XML for future stages of the EHR incentive program.